One of the features that can be done with Azure Information protection is the integration with Outlook Web Access, in the previous post we have talked about the ability to integrate Azure Information Protection and Exchange Transport Rules. Today we talk about this possibility that can be used when the user does not have installed the Outlook client and the integration with Azure Information Protection client.
Follow the tips below to enable the functionality:
1 – Run powershell with administrator console
Run install-module -name AADRM
2 – Login Azure tenant
Run $cred = Get-Credential
3 – Connect to Azure Right management service
Connect-AadrmService -Credential $cred
4 – Activate the service
Enable-Aadrm
5 – Get the configuration information needed for message encryption
$rmsConfig = Get-AadrmConfiguration
$licenseUri = $rmsConfig.LicensingIntranetDistributionPointUrl
Disconnect-AadrmService
6 – Create a remote PowerShell session and connect to Exchange Online
$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic –AllowRedirection
Import-PSSession $session
7 – Collect IRM configuration for Office 365
$irmConfig = Get-IRMConfiguration
$list = $irmConfig.LicensingLocation
if (!$list) { $list = @() } if (!$list.Contains($licenseUri)) { $list += $licenseUri }
8 – Enable message encryption for Office 365
Set-IRMConfiguration -LicensingLocation
$list=Set-IRMConfiguration -AzureRMSLicensingEnabled $true -InternalLicensingEnabled $true
9 – Enable the Protect button in Outlook on the web (Optional)
Set-IRMConfiguration -SimplifiedClientAccessEnabled $true
10 – Enable server decryption for Outlook on the web, Outlook for iOS, and Outlook for Android.
Set-IRMConfiguration -ClientAccessServerEnabled $true
11 – Verify that the new capabilities for OME are configured properly by running the TestIRMConfiguration cmdlet
Test-IRMConfiguration -Sender email address
User Expierence
1 – You will login into your outlook web access.
2 – Create your message, your recipients and protect it.
3 – Choose the Azure Information Protection template that you want to apply
Modern Workplace Tech appreciates the reading and hopes it has been of interest.
Microsoft article: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-new-message-encryption-capabilities